Configuration | Apache Fory™
Skip to main content
Version: 1.3.0

Configuration

This page covers Python Fory instance configuration. pyfory.Fory() defaults to xlang mode with compatible schema evolution. Native mode is selected explicitly with xlang=False and also defaults to compatible schema evolution.

Fory Class

The main serialization interface:

class Fory:
    def __init__(
        self,
        xlang: bool = True,
        ref: bool = False,
        strict: bool = True,
        compatible: Optional[bool] = None,
        max_depth: int = 50,
        max_type_fields: int = 512,
        max_type_meta_bytes: int = 4096,
        max_schema_versions_per_type: int = 10,
        max_average_schema_versions_per_type: int = 3,
        policy: DeserializationPolicy = None,
        field_nullable: bool = False,
        meta_compressor=None,
    )

ThreadSafeFory Class

Thread-safe serialization interface using a pooled wrapper:

class ThreadSafeFory:
    def __init__(
        self, fory_factory=None, **kwargs
    )

Parameters

ParameterTypeDefaultDescription
xlangboolTrueUse xlang mode. Set False for Python native mode.
refboolFalseEnable reference tracking for shared/circular references. Disable for better performance if your data has no shared references.
strictboolTrueRequire type registration for security. Keep this enabled for production unless a policy owns trust decisions.
compatiblebool | NoneNoneSchema evolution mode. None enables compatible mode in both xlang and native mode. Set False only when every reader and writer uses the same schema.
max_depthint50Maximum deserialization depth for security, preventing stack overflow attacks.
max_type_fieldsint512Maximum fields accepted in one received remote struct metadata body.
max_type_meta_bytesint4096Maximum encoded body bytes accepted for one received TypeDef body, excluding the 8-byte header and any extended-size varint.
max_schema_versions_per_typeint10Maximum accepted remote metadata versions for one logical type.
max_average_schema_versions_per_typeint3Average accepted remote metadata versions across accepted remote types. The effective global floor is 8192 schemas.
policyDeserializationPolicy | NoneNoneDeserialization policy used for security checks. Strongly recommended when strict=False.
field_nullableboolFalseTreat dataclass fields as nullable by default.
meta_compressorAnyNoneOptional metadata compressor used for compatible-mode metadata encoding.
fory_factoryCallable | NoneNoneThreadSafeFory factory hook. When set, ThreadSafeFory creates instances via this callback; otherwise it forwards **kwargs to Fory construction.

Key Methods

# Serialization (serialize/deserialize are identical to dumps/loads)
data: bytes = fory.serialize(obj)
obj = fory.deserialize(data)

# Alternative API (aliases)
data: bytes = fory.dumps(obj)
obj = fory.loads(data)

# Type registration by id
fory.register(MyClass, type_id=123)
fory.register(MyClass, type_id=123, serializer=custom_serializer)

# Type registration by name
fory.register(MyClass, name="my.package.MyClass")
fory.register(MyClass, name="my.package.MyClass", serializer=custom_serializer)

Xlang And Native Mode Comparison

FeatureNative mode (xlang=False)Xlang mode (default)
Use casePython-only applicationsMulti-language systems
CompatibilityPython onlyJava, C++, Go, Rust, JavaScript/TypeScript, C#, Swift, Dart, Scala, Kotlin, etc.
Supported typesPython object surfaceCross-language compatible types
Functions/lambdasSupported with trusted dynamic deserializationNot allowed
Local classesSupported with trusted dynamic deserializationNot allowed
Dynamic classesSupported with trusted dynamic deserializationNot allowed
Schema mode defaultCompatibleCompatible

Xlang Mode

Xlang mode is the default and restricts payloads to types compatible across Fory implementations:

import pyfory

fory = pyfory.Fory(xlang=True, ref=True)
fory.register(MyDataClass, name="com.example.MyDataClass")
data = fory.serialize(MyDataClass(field1="value", field2=42))

Use compatible=False for xlang payloads only when every reader and writer always uses the same schema and you want faster serialization and smaller size. Use it only after verifying that every language uses that schema, or when native types are generated from Fory schema IDL.

Native Mode

import pyfory

fory = pyfory.Fory(xlang=False, ref=True, strict=False)

Native mode supports Python-specific object features such as functions, local classes, methods, __reduce__, and __getstate__. Compatible mode is still enabled by default. Set compatible=False only when every reader and writer always uses the same Python class schema and you want faster serialization and smaller size.

Compatible Mode

Compatible mode is enabled by default for both xlang and native mode. Keep this default when Python classes may evolve independently, when services deploy separately, or when xlang schemas are written by hand in different languages.

For xlang payloads, set compatible=False only after verifying that every language uses the same schema, or when native types are generated from Fory schema IDL.

Example Configurations

Xlang Service

import pyfory

fory = pyfory.Fory(
    xlang=True,
    ref=False,
    strict=True,
    max_depth=20,
)

fory.register(UserModel, name="example.User")

Native Mode With Dynamic Types

import pyfory

fory = pyfory.Fory(
    xlang=False,
    ref=True,
    strict=False,
    max_depth=1000,
)

Use strict=False only for trusted data, preferably with a policy= deserialization policy.

Security

Treat native-mode bytes from untrusted sources the same way you would treat untrusted pickle bytes. Native mode can reconstruct Python objects, import modules, invoke reduction hooks, and rebuild dynamic classes or functions when strict=False.

Production Configuration

Keep strict=True for production payloads unless the whole data source is trusted and a DeserializationPolicy owns the remaining trust decisions:

import pyfory

fory = pyfory.Fory(
    xlang=True,
    ref=False,
    strict=True,
    max_depth=50,
    max_type_fields=512,
    max_type_meta_bytes=4096,
    max_schema_versions_per_type=10,
    max_average_schema_versions_per_type=3,
)

fory.register(UserModel, name="example.User")
fory.register(OrderModel, name="example.Order")

Use dynamic native-mode deserialization (strict=False) only for trusted Python-only payloads:

import pyfory

fory = pyfory.Fory(
    xlang=False,
    ref=True,
    strict=False,
    max_depth=100,
)

Received remote metadata is also limited:

  • max_type_fields limits the number of fields accepted in one received struct metadata body.
  • max_type_meta_bytes limits the encoded body bytes accepted for one received TypeDef body.
  • max_schema_versions_per_type limits accepted remote metadata versions for one logical type.
  • max_average_schema_versions_per_type limits the average across accepted remote types.

These limits do not change strict, policy, dynamic loading, unknown-class handling, or schema-evolution semantics.

DeserializationPolicy

When strict=False is necessary, use DeserializationPolicy to restrict the dynamic types and hooks accepted during deserialization:

import pyfory
from pyfory import DeserializationPolicy

dangerous_modules = {"subprocess", "os", "__builtin__"}

class SafeDeserializationPolicy(DeserializationPolicy):
    def validate_class(self, cls, is_local, **kwargs):
        if cls.__module__ in dangerous_modules:
            raise ValueError(f"Blocked dangerous class: {cls.__module__}.{cls.__name__}")

    def intercept_reduce_call(self, callable_obj, args, **kwargs):
        if getattr(callable_obj, "__name__", "") == "Popen":
            raise ValueError("Blocked attempt to invoke subprocess.Popen")
        return None

    def intercept_setstate(self, obj, state, **kwargs):
        if isinstance(state, dict) and "password" in state:
            state["password"] = "***REDACTED***"
        return None

policy = SafeDeserializationPolicy()
fory = pyfory.Fory(xlang=False, ref=True, strict=False, policy=policy)

Available policy hooks include:

Reference validation hooks reject by raising exceptions and otherwise leave deserialized references unchanged.

HookDescription
validate_class(cls, is_local)Validate or block class types
validate_module(module_name, is_local)Validate or block module imports
validate_function(func, is_local)Validate or block function references
validate_method(method, is_local)Validate or block method references
intercept_reduce_call(callable_obj, args)Intercept __reduce__ invocations
inspect_reduced_object(obj)Inspect or replace objects created via __reduce__
intercept_setstate(obj, state)Sanitize state before __setstate__
authorize_instantiation(cls, args, kwargs)Control class instantiation

Security Checklist

  • Keep strict=True for untrusted data.
  • Register all expected application types before deserialization.
  • Use DeserializationPolicy when strict=False is necessary.
  • Keep max_depth low enough to reject unexpectedly deep payloads.
  • Do not treat xlang/native mode choice as a security control.
Community
Docs
Repositories

Copyright © 2026 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
Apache Fory, Fory, Apache, the Apache Logo and the Apache Fory logo are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries.